Complex composite tokens

ABSTRACT

Technologies are shown for trust delegation that involve receiving a first request from a subject client and responding by sending a first token having first permissions to the subject client. A second request from a first actor includes the first token and responding involves linking the first actor to the subject client in a trust stack and sending a second token to the first actor with second permissions, the second token being a first complex token that identifies the subject client and the first actor. A third request from a second actor includes the second token and responding to the third request involves linking the second actor to the first actor in the trust stack, and sending a third token to the second actor partner with third permissions, the third token being a second complex token that identifies the first actor and the second actor.

BACKGROUND

Currently, many services provide Application Programming Interfaces(APIs) through which partner entities are integrated. A transactionplatform can have multiple integrated partners that provide services orgoods for customer transactions through platform APIs.

For instance, a platform may have partners who accept credit cards orsensitive information from their customers. A customer's sensitiveinformation (e.g. credit card or personal identification data) isprovided to the API of a service through a partner provider (e.g. aPayment Card Industry Data Security Standard (PCI DSS) compliant vaultor Health Insurance Portability and Accountability Act (HIPPA) compliantservice) that maintains the sensitive information.

However, PCI DSS or HIPPA compliance can be complex and expensive toimplement. Frequently, PCI DSS or HIPPA compliance is delegated to acompliant partner, which then participates in a transaction (e.g. apurchase or data transfer). This approach involves customers or userssharing their OAuth tokens with these compliant partners in order toperform a transaction. Sharing a token introduces security risk andprevents auditing the use of the token to accurately identify an entityparticipating in a transaction.

Typically, sharing an OAuth token involves the partner impersonatinganother entity, such as the customer. The impersonating entity appearsto the API to be the customer because the token identifies only thecustomer. Sharing the token creates a security risk. Impersonation ofthe customer prevents the token from being used to identify theimpersonating entity as participating in the transaction and, therefore,limits the auditability of the transaction.

It is with respect to these and other considerations that the disclosuremade herein is presented.

SUMMARY

The disclosed technology is directed toward advanced security networkingprotocol extensions and APIs that can extend composite tokens describedin a recent OAuth proposal for delegating permissions from a subjectentity to an actor entity to create trust stacks that provide forcomplex delegations of permissions that can be audited and verified.

In certain simplified examples of the disclosed technologies, methods,systems or computer readable media for trust or authorization delegationfor extension of OAuth multiple actor delegation in accordance with thedisclosed technology involve receiving a first authorization requestfrom a subject client and responding to the first authorization bysending a first token having a first set of permissions to the subjectclient. The disclosed technology also involves receiving a secondauthorization request from a first partner actor, the secondauthorization request including the first token and responding to thesecond authorization request by linking the first partner actor to thesubject client in a trust stack pertaining to the subject client andsending a second token to the first actor partner with a second set ofpermissions, where the second token comprises a first complex token thatidentifies the subject client and the first partner actor. Thetechnology further involves receiving a third authorization request froma second partner actor, the third authorization request including thesecond token and responding to the third authorization request bylinking the second partner actor to the first partner actor in the truststack, and sending a third token to the second actor partner with athird set of permissions, where the third token comprises a secondcomplex token that identifies the first partner actor and the secondpartner actor.

Examples in accordance with certain aspects of the disclosed technologycan further include receiving an access request to a resource from thesecond partner actor, the access request including the third token andgranting access to the resource based on the third set of permissions.Other examples in accordance with other aspects of the disclosedtechnology can include determining the second set of permissions basedon either a union or intersection of permissions for the subject clientand permissions for the first partner actor. In still other examples,the disclosed technologies can include determining the third set ofpermissions based on either a union or intersection of permissions forthe subject client, permissions for the first partner actor, andpermissions for the third partner actor.

In certain examples, the authorization delegation pertains to afinancial transaction, the first partner actor is not configured forcompliance with a standard for secure handling of customer financialdata, and the second partner actor is configured for compliance with thestandard for secure handling of customer financial data.

In certain other examples, the subject client can be an end user, thefirst partner actor can be a service provider to the end user, and thesecond partner actor can be a subcontractor to the first partner. Incertain of these examples, the second partner actor is configured toprovide one or more of shipping, packaging, warehousing and insurance tothe first partner.

It should be appreciated that the above-described subject matter mayalso be implemented as a computer-controlled apparatus, a computerprocess, a computing system, or as an article of manufacture such as acomputer-readable medium. These and various other features will beapparent from a reading of the following Detailed Description and areview of the associated drawings. This Summary is provided to introducea selection of concepts in a simplified form that are further describedbelow in the Detailed Description.

This Summary is not intended to identify key features or essentialfeatures of the claimed subject matter, nor is it intended that thisSummary be used to limit the scope of the claimed subject matter.Furthermore, the claimed subject matter is not limited toimplementations that solve any or all disadvantages noted in any part ofthis disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

The Detailed Description is described with reference to the accompanyingfigures. In the figures, the left-most digit(s) of a reference numberidentifies the figure in which the reference number first appears. Thesame reference numbers in different figures indicate similar oridentical items.

FIG. 1 is an architectural diagram showing an illustrative example of anarchitecture suitable for application of the disclosed technology forcomplex delegation of OAuth permissions;

FIG. 2A is a data architecture diagram showing an illustrative exampleof data exchange in an application of the disclosed technology forcomplex delegation of OAuth permissions;

FIG. 2B is a data architecture diagram showing an illustrative exampleof complex delegation of permissions for a payment workflow;

FIG. 2C is a data architecture diagram showing an illustrative exampleof complex delegation of permissions for a shipment workflow;

FIG. 3A is a data architecture diagram illustrating an example of atrust stack showing complex permissions relationships between entitiesin the application of the disclosed technology for complex delegation ofOAuth permissions of FIGS. 1 and 2;

FIG. 3B is a data architecture diagram showing an illustrative exampleof delegation of permissions in the trust stack of FIG. 3A data exchangein an application of the disclosed technology for complex delegation ofOAuth permissions;

FIG. 4 is a control flow diagram showing an illustrative example of aprocess for complex delegation of OAuth permissions in accordance withthe disclosed technology;

FIG. 5 is a computer architecture diagram illustrating an illustrativecomputer hardware and software architecture for a computing systemcapable of implementing aspects of the techniques and technologiespresented herein;

FIG. 6 is a diagram illustrating a distributed computing environmentcapable of implementing aspects of the techniques and technologiespresented herein; and

FIG. 7 is a computer architecture diagram illustrating a computingdevice architecture for a computing device capable of implementingaspects of the techniques and technologies presented herein.

DETAILED DESCRIPTION

The following Detailed Description describes technologies for complexdelegation of OAuth permissions. While a current OAuth proposal providesfor delegation of permission from a subject entity to an actor entityusing composite tokens, the disclosed technology provides for creationof a trust stack that stores permissions and relationships betweenmultiple entities that permits traceable delegation between multipleentities using complex composite tokens.

Recently, an Internet Engineering Task Force (IETF) draft for OAuth 2.0Token Exchange,https://tools.ietforg/html/draft-ietf-oauth-token-exchange-16, proposedan approach that allows delegation of tokens by combining a pair oftokens into a composite token. Each composite token includes a subjecttoken, e.g. a token for a subject entity that is buying an item orreceiving sensitive data, and an actor token, e.g. a token for an actorentity, such as a payment provider or HIPPA compliant service, acting onbehalf of the subject entity.

The resulting composite token of the subject and actor tokens can beused by the actor entity to act on behalf of the subject entity. Thecomposite token provides for the subject entity to maintain its ownidentity separate from the actor entity and explicitly indicates thatthe actor is acting on behalf of the subject.

In contrast, the disclosed technology allows a chain of trust to beestablished for multiple delegations of permissions using complexcomposite tokens. This involves maintaining a trust stack thatidentifies the entities and tokens in each delegation and therelationships between the entities. In certain aspects of the disclosedtechnology, the manner in which permissions are delegated in the complexcomposite tokens can be controlled. The delegations of permissions canbe readily audited and the entities identified using the trust stack.

In the disclosed technology, a chain can be formed using compositetokens issued by an OAuth server that maintains the association betweenthe composite tokens and individual tokens. The following is anillustrative example of a chain of trust:{Token 1}→{Token 1|Token 2}→{Token 2|Token 3}

In this example of a chain of trust, the access allowed to compositetoken {Token 2|Token 3} can also allow access to data or APIs to {Token1} because of the chain of trust linking individual token {Token 1} tocomposite token {Token 2|Token 3} through composite token {Token 1|Token2}. The OAuth service that manages the sending of complex compositetoken will maintain a trust stack that represents (1) the parties actingon behalf of each other within the chain of trust and (2) the call stackin the chain of trust for the transaction.

The disclosed technology can permit a platform to allow an indefinitenumber of N actors to participate in a transaction on the platform. Insome implementations, the disclosed technology can permit the platformto coordinate sub-transactions among the N actors.

In certain examples, a variety of different solutions can be implementedfor controlling the delegation of permissions in the chain of trust. Forexample, assume Token 1 allows API 1 to be called and Token 2 allows API2 to be called. In some examples, the permissions associated with acomposite token can be the intersection of the permissions of theindividual tokens in the composite token. Thus, the composite token{Token 1|Token 2} allow only API 1 to be called.

In other examples, the permissions associated with a composite token canbe the union of the permissions of the individual tokens in thecomposite token. In these examples, the composite token {Token 1|Token2} allows both API 1 and API 2 to be called.

These are simplified examples and many factors may be considered in asystem or method for OAuth multiple actor delegation using complexcomposite tokens.

Because the trust stack allows for granular permissions across differentactors, it offers a technical advantage of improved security of computersystems, computer servers, and/or data centers. Further, because thetrust stack data structure allows for an efficient mechanism to look uppartners interacting on a transaction, so it may improve performance andprocessing efficiency of a machine. As just one example, an O(log(N))look up on trust stacks may be used to discover whether a token isalready in use in a trust stack (if there is an index of tokens to truststacks), and therefore look up of partner entities operating on atransaction may be extremely fast. Because look up of the trust stack isfast, and permissions may be directly associated with security tokens,processing performance to determine permissions allowable by differententities operating on a transaction may be further improved.

As will be described in more detail herein, it can be appreciated thatimplementations of the techniques and technologies described herein mayinclude the use of solid state circuits, digital logic circuits,computer components, and/or software executing on one or more inputdevices. Signals described herein may include analog and/or digitalsignals for communicating a changed state of the data file or otherinformation pertaining to the data file.

While the subject matter described herein is presented in the generalcontext of program modules that execute in conjunction with theexecution of an operating system and application programs on a computersystem, those skilled in the art will recognize that otherimplementations may be performed in combination with other types ofprogram modules. Generally, program modules include routines, programs,components, data structures, and other types of structures that performparticular tasks or implement particular abstract data types. Moreover,those skilled in the art will appreciate that the subject matterdescribed herein may be practiced with other computer systemconfigurations, including multiprocessor systems, mainframe computers,microprocessor-based or programmable consumer electronics,minicomputers, hand-held devices, and the like.

By the use of the technologies described herein, a trust stack iscreated that stores permissions and relationships between multipleentities and permits traceable delegation between the multiple entitiesusing complex composite tokens. Other technical effects other than thosementioned herein can also be realized from implementation of thetechnologies disclosed herein.

In the following detailed description, references are made to theaccompanying drawings that form a part hereof, and in which are shown byway of illustration specific configurations or examples. Referring nowto the drawings, in which like numerals represent like elementsthroughout the several figures, aspects of a computing system,computer-readable storage medium, and computer-implemented methodologiesfor trust delegation will be described. As will be described in moredetail below with respect to the figures, there are a number ofapplications and services that may embody the functionality andtechniques described herein.

FIG. 1 is an architectural diagram showing an illustrative example of anarchitecture 100 suitable for application of the disclosed technologyfor OAuth multiple actor delegation using complex composite tokens. Inthe example of FIG. 1, a client, such as a consumer's mobile clientdevice, acting as a subject entity can communicate with partner servers120A-C and OAuth server 130 through network 102. Partner servers 120A-Ccan communicate with one another and OAuth server 130 to transfer, forexample, authentication data and other data relating to a transaction,such as a data transfer or a purchase transaction. OAuth server 130 canbe a platform for controlling the transaction as well as managingauthentication tokens for client 110 and partner server 120A-C.

FIG. 2A is a data architecture diagram showing an illustrative exampleof a data exchange 200 in an application of the disclosed technology forcomplex delegation of OAuth permissions. In this example, client 110, asa subject entity, initiates an authentication flow, at 202, to obtain anauthentication token from OAuth server 130 that permits access to acomputer resource, such as one or more APIs. At 204, if authenticationis successful, OAuth server 130 sends Token1 to client 110. While OAuthis used in at least some embodiments, it is to be appreciated that atrust stack may be used in any security or other networking protocols.

At 212, client 110 delegates access to partner server 120A, by sendingToken1 so that partner server 120A can be an actor entity for thesubject entity of client 110. At 214, partner server 120A registersToken1 with OAuth server 130. In response, OAuth server 130 registersToken1, generates Token 2 for partner server 120A, and creates compositetoken Token1:Token2, which is provided to partner server 120A at 216. Atthis point, the subject entity of client 110 has delegated itspermissions to the actor entity of partner server 120A in accordancewith the IETF OAuth proposal discussed above.

In accordance with the disclosed technology, partner server 120A furtherdelegates access to partner server 120B as another actor entity bysending composite token Token1:Token2 at 222. At 224, partner server120B registers composite token Token1:Token2 with OAuth server 130.OAuth server 130 creates a chain of trust by recording the delegationindicated in composite token Token1:Token2 in a trust stack thatindicates the relationship of Token2 to Token1 along with the devicesassociated with each of Token1 and Token2. OAuth server generates Token3for partner server 120B, which is recorded in the trust stack along withthe device associated with Token3 and indicating the relationship ofToken3 to Token2, and creates a complex composite token Token2:Token3,which it sends to partner server 120B at 226.

At 232, partner server 120B further delegates access to partner server120C as yet another actor entity by sending complex composite tokenToken2:Token3. Partner server 120C registers complex composite tokenToken2:Token3 with OAuth server 130. OAuth server 130 records thedelegation indicated in complex composite token Token2:Token3 in thetrust stack. OAuth server 130 generates Token4 for partner server 120C,which is recorded in the trust stack along with the device associatedwith Token4, e.g. partner server 120C, to indicate the relationship ofToken4 to Token3, and creates complex composite token Token4:Token3,which it sends to partner server 120C at 236. Optionally, OAuth server130 may maintain one or more indexes of the trust stack so that thetrust stack(s) associated with a token is quickly identified, and theposition of the token within the trust stack quickly found. It is to beappreciated that a trust stack may include simple tokens, complextokens, and/or any combination of the types of token.

FIG. 2B is a data architecture diagram showing an illustrative exampleof complex delegation of permissions for a payment workflow 240. In thisexample, at 242, a client buyer 110 initiates completion of atransaction through eCommerce platform 130, at 242, with seller partnerserver 120A and, at 244, tenders payment to seller partner server 120A,which is not PCI compliant. It is to be appreciated that while FIG. 2Bdepicts an eCommerce platform, the trust stack may be used in any webenvironment that requires authentication and/or authorization by variousentities, and where it is desirable to store tokens allocated acrossentities as well as delegation of authority by one or more of thoseentities. As a second example, such authorization may be for storage ofdata in a database.

Because seller partner server 120A is not PCI compliant, it willdelegate receiving payment to another partner entity that is PCIcompliant. At 246, seller partner server 120A registers with eCommerceplatform 130 to obtain a first access token Token1 for obtaining accessto the client buyer's payment information, which is sent at 248.

At 250, seller partner server 120A delegates receipt of payment topartner server 120B, which is indicated in a complex token thatidentifies seller partner server 120A as the subject entity and partnerserver 120B as the actor entity and includes Token1. Upon receipt of thedelegation, at 252, partner server 120B registers with eCommerceplatform 130 and, at 254, receives complex token {Token1, Token2}.

In turn, partner server 120B, at 260, delegates payment receipt topartner server 120C, which is a PCI compliant vault that contains thepayment information for client buyer 110. At 262, partner server 120Cregisters with eCommerce platform 130 and, at 264, receives complextoken {Token2, Token3}, which grants access to partner server 120C tosubmit the client buyer's payment information via a payment API ofeCommerce platform 130.

The payment work flow 240 of FIG. 2B illustrates one example of apayment workflow in which partner server 120C acts to obtain payment onbehalf of partner seller server 120A. The delegation of trust in thisscenario will be maintained by eCommerce platform 130 in a trust stack.As will be readily appreciated by one of ordinary skill in the art, manyvariations on this payment workflow are possible without departing fromthe teachings of the disclosed technology.

FIG. 2C is a data architecture diagram showing an illustrative exampleof complex delegation of permissions for a shipment workflow 270. Inthis scenario, seller partner server 120A delegates shipment of an itempurchased by buyer client 110 to a partner servers 120B and 120C. Forexample, partner server 120B can obtain and pack the item and thenprovide it to partner server 120C for bulk shipment.

At 274, client buyer 110 sends a request to ship the item to partnerseller server 120A. At 276, partner seller server 120A registers witheCommerce platform 130 and, at 278, receives access Token1. For example,access Token1 can provide access to the client buyer's home shippinginformation.

At 280, seller partner server 120A delegates shipment of the item topartner server 120B, e.g. a courier, packer or warehouse, which isindicated in a complex token that identifies seller partner server 120Aas the subject entity and partner server 120B as the actor entity andincludes Token1. At 282, partner server 120B registers with eCommerceplatform 130 and, at 284, receives complex token {Token1, Token2}.

In turn, partner server 120B, at 290, delegates bulk shipment to partnerserver 120C. For example, partner server 120B picks and packs the itemfor seller partner server 120A and then delegates bulk shipment of theitem to partner server 120C. At 292, partner server 120C registers witheCommerce platform 130 and, at 294, receives complex token {Token2,Token3}, which, for example, grants access to partner server 120C toobtain the client buyer's payment shipment information via a shippingAPI of eCommerce platform 130 and, at 296, ships the item to the clientbuyer's shipping address.

The payment work flow 270 of FIG. 2C illustrates one example of ashipping workflow in which partner servers 120B and 120C act on behalfof partner seller server 120A to fulfill shipment of the item purchasedby client buyer 110. The delegation of trust in this scenario will bemaintained by eCommerce platform 130 in a trust stack.

As will be readily appreciated by one of ordinary skill in the art, manyvariations on this shipping workflow are possible without departing fromthe teachings of the disclosed technology. For example, another partnerserver may be involved in insuring shipment of the item on behalf ofseller partner server 120A.

In addition, the trust stack and delegation scheme of the disclosedtechnology can be utilized to implement a wide variety of work flowschemes. For example, the trust stack and delegation scheme can, in someexamples, be combined with workflow management functionality to controland direct work flows involving complex permissions and delegations.

The trust stack resulting from the example of FIG. 2A is shown in FIG.3A, which is a data architecture diagram showing an architecture 300 fora complex delegation of OAuth permissions created by the delegationsillustrated in FIG. 2. In this example, each authentication layer 310includes an identifier 312 for an authorized entity, an access token314, a set of defined permissions 316 associated with the access token,and a permissions delegation indicator 318 indicating how delegatedpermissions are handled. For each delegation, the delegating layer anddelegatee layer are linked or otherwise associated, e.g. in a table orlist. For example, for the delegation from client 110 to partner server120A, layer 310A, which contains the identifier for client 110 alongwith access Token1 and permissions associated with Token1, e.g. API1, islinked to layer 310B, which contains the identifier for partner server120A along with access Token2 and permissions associated with Token2,e.g. API1 and API2.

Similarly, for the delegation from partner server 120A to partner server120B, layer 310B is linked to layer 310C, which contains the identifierfor partner server 120B along with access Token3 and permissionsassociated with Token3, e.g. API1, API2 and API3. For the delegationfrom partner server 120B to partner server 120C, layer 310C is linked tolayer 310D, which contains the identifier for partner server 120C alongwith access Token4 and permissions associated with Token3, e.g. API1,API2 and API3.

The trust stack or data structure 300 is maintained in OAuth server 130,which adds a layer to the trust stack for each successful delegation.Note that the disclosed technology is not limited to the data structureshown. Also note that, depending upon the implementation and desiredfeatures, either more or less data can be incorporated into the truststack. Also, as noted above, the trust stack and delegation schemedescribed herein can be combined, in some examples, with complexworkflows and workflow management. It will be readily understood that avariety of data forms can be utilized to represent the multipledelegations of permissions in accordance with the disclosed technology.

FIG. 3B is a data architecture diagram showing an illustrative exampleof the delegation of permissions 330 in the trust stack 300 of FIG. 3Ain an application of the disclosed technology for complex delegation ofOAuth permissions. As noted above with respect to FIG. 3A, a permissionsdelegation indicator 318 indicating how delegated permissions arehandled, e.g. by OAuth server 130, in determining which permissions havebeen delegated.

For example, the permissions delegation indicator 318 can indicate thatonly the intersection of permissions 316 granted in association witheach token 314 at each level are able to be delegated. The OAuth server130 determines the intersection of the permissions 316 of the layers intrust stack 300 to determine the permissions delegated. In the exampleof FIG. 3A, the only permissions common to the permissions 316A-D isAPI1. Thus, the permissions delegated in this scenario are limited toaccess to API1.

In another example, the permissions delegation indicator 318 canindicate that the union of permissions 316 granted in association witheach token 314 at each level are able to be delegated. The OAuth server130 determines the union of the permissions 316 of the layers in truststack 300 to determine the permissions delegated to partner server 120D.In the example of FIG. 3A, all permissions included in the permissions316A-D are delegated to partner server 120D. Thus, the permissionsdelegated to partner server 120D in this scenario provide access toAPI1, API2 and API3.

Notably, while FIG. 3B depicts association of different permissions todifferent APIs in association with the tokens in the trust stack, otherdata may be associated with the tokens in the trust stack. For example,user profiles, or cache data may be associated with the tokens in thetrust stack. Any data useful to complete a distributed transactionassociated with the entities operating in the trust stack may bemaintained.

FIG. 4 is a control flow diagram showing an illustrative example of aprocess 400 for complex delegation of OAuth permissions in accordancewith the disclosed technology. At 410, an authentication request isreceived from a client. For example, OAuth server 130 receives anauthentication request from client 110 in FIG. 2A. At 412, OAuth server130 responds with a first access token with, in this example, permissionto access API1.

At 420, an authorization is received from a first partner, where theauthorization request includes the first token. Because of the presenceof the first token in the request, OAuth server 130 recognizes therequest as a delegation from the client to the first server, e.g. client110 to partner server 120A. At 422, OAuth server 130 links the firstpartner to the client in the trust stack, e.g. creates layer 310A intrust stack 300 in FIG. 3A, and responds to the authorization requestfrom the first partner with a second token, which is a complex tokenthat indicates the client as the subject entity and the first partner asthe actor entity.

At 430, an authorization request is received from a second partner, e.g.partner server 120B that includes the second token. The presence of thesecond token indicates to the OAuth server 130 that the first partnerhas delegated to the second partner. At 432, the second partner islinked to the first partner in the trust stack, e.g. by creation oflayer 310B in trust stack 300, and a third token, which is a complextoken that indicates the first partner as the subject entity and thesecond partner as the actor entity, is generated and sent to the secondpartner.

At 440, an authorization request is received from a third partner thatincludes the third token. This indicates to the OAuth server 130 thatthe second partner has delegated to the third partner. At 442, the thirdpartner is linked to the second partner in the trust stack, e.g. bycreation of layer 310C in trust stack 300, and a fourth token, which isa complex token that indicates the second partner as the subject entityand the third partner as the actor entity, is generated and sent to thethird partner.

The steps of process 400 can be extended to add additional layers to thetrust stack representing further delegations. The OAuth server 130maintains the trust stack, which illustrates each delegation ofauthority.

It should be appreciated that a variety of different instrumentalitiesand methodologies can be utilized to establish wireless communication aswell as collect, exchange and display sensor and message data withoutdeparting from the teachings of the disclosed technology. The disclosedtechnology provides a high degree of flexibility and variation in theconfiguration of implementations without departing from the teachings ofthe present disclosure.

The present techniques may involve operations occurring in one or moremachines. As used herein, “machine” means physical data-storage andprocessing hardware programed with instructions to perform specializedcomputing operations. It is to be understood that two or more differentmachines may share hardware components. For example, the same integratedcircuit may be part of two or more different machines.

One of ordinary skill in the art will recognize that a wide variety ofapproaches may be utilized and combined with the present approach totrust delegation. The specific examples of different aspects of trustdelegation described herein are illustrative and are not intended tolimit the scope of the techniques shown.

Computer Architectures for Trust Delegation

Note that at least parts of processes 400, 420, 430, 440, 450, and 460of FIGS. 4A, 4B, 4C, 4D, 4E and 4F and other processes and operationspertaining to trust delegation described herein may be implemented inone or more servers, such as computer environment 600 in FIG. 6, or thecloud, and data defining the results of user control input signalstranslated or interpreted as discussed herein may be communicated to auser device for display. Alternatively, the trust delegation processesmay be implemented in a client device. In still other examples, someoperations may be implemented in one set of computing resources, such asservers, and other steps may be implemented in other computingresources, such as a client device.

It should be understood that the methods described herein can be endedat any time and need not be performed in their entireties. Some or alloperations of the methods described herein, and/or substantiallyequivalent operations, can be performed by execution ofcomputer-readable instructions included on a computer-storage media, asdefined below. The term “computer-readable instructions,” and variantsthereof, as used in the description and claims, is used expansivelyherein to include routines, applications, application modules, programmodules, programs, components, data structures, algorithms, and thelike. Computer-readable instructions can be implemented on varioussystem configurations, including single-processor or multiprocessorsystems, minicomputers, mainframe computers, personal computers,hand-held computing devices, microprocessor-based, programmable consumerelectronics, combinations thereof, and the like.

Thus, it should be appreciated that the logical operations describedherein are implemented (1) as a sequence of computer implemented acts orprogram modules running on a computing system and/or (2) asinterconnected machine logic circuits or circuit modules within thecomputing system. The implementation is a matter of choice dependent onthe performance and other requirements of the computing system.Accordingly, the logical operations described herein are referred tovariously as states, operations, structural devices, acts, or modules.These operations, structural devices, acts, and modules may beimplemented in software, in firmware, in special purpose digital logic,and any combination thereof.

As described herein, in conjunction with the FIGURES described herein,the operations of the routines (e.g. processes 400, 420, 430, 440, 450,and 460 of FIGS. 4A, 4B, 4C, 4D, 4E and 4F) are described herein asbeing implemented, at least in part, by an application, component,and/or circuit. Although the following illustration refers to thecomponents of FIGS. 4A-F, it can be appreciated that the operations ofthe routines may be also implemented in many other ways. For example,the routines may be implemented, at least in part, by a computerprocessor or a processor or processors of another computer. In addition,one or more of the operations of the routines may alternatively oradditionally be implemented, at least in part, by a computer workingalone or in conjunction with other software modules.

For example, the operations of routines are described herein as beingimplemented, at least in part, by an application, component and/orcircuit, which are generically referred to herein as modules. In someconfigurations, the modules can be a dynamically linked library (DLL), astatically linked library, functionality produced by an applicationprograming interface (API), a compiled program, an interpreted program,a script or any other executable set of instructions. Data and/ormodules, such as the data and modules disclosed herein, can be stored ina data structure in one or more memory components. Data can be retrievedfrom the data structure by addressing links or references to the datastructure.

Although the following illustration refers to the components of theFIGURES discussed above, it can be appreciated that the operations ofthe routines (e.g. processes 400, 420, 430, 440, 450, and 460 of FIGS.4A, 4B, 4C, 4D, 4E and 4F) may be also implemented in many other ways.For example, the routines may be implemented, at least in part, by aprocessor of another remote computer or a local computer or circuit. Inaddition, one or more of the operations of the routines mayalternatively or additionally be implemented, at least in part, by achipset working alone or in conjunction with other software modules. Anyservice, circuit or application suitable for providing the techniquesdisclosed herein can be used in operations described herein.

FIG. 5 shows additional details of an example computer architecture 500for a computer, such as the devices 110 and 120A-C (FIGS. 1 and 2A-C),capable of executing the program components described herein. Thus, thecomputer architecture 500 illustrated in FIG. 5 illustrates anarchitecture for an on-board vehicle computer, a server computer, mobilephone, a PDA, a smart phone, a desktop computer, a netbook computer, atablet computer, an on-board computer, a game console, and/or a laptopcomputer. The computer architecture 500 may be utilized to execute anyaspects of the software components presented herein.

The computer architecture 500 illustrated in FIG. 5 includes a centralprocessing unit 502 (“CPU”), a system memory 504, including a randomaccess memory 506 (“RAM”) and a read-only memory (“ROM”) 508, and asystem bus 510 that couples the memory 504 to the CPU 502. A basicinput/output system containing the basic routines that help to transferinformation between sub-elements within the computer architecture 500,such as during startup, is stored in the ROM 508. The computerarchitecture 500 further includes a mass storage device 512 for storingan operating system 507, data (such as permissions information 520,trust stack information 522, and workflow information 524), and one ormore application programs.

The mass storage device 512 is connected to the CPU 502 through a massstorage controller (not shown) connected to the bus 510. The massstorage device 512 and its associated computer-readable media providenon-volatile storage for the computer architecture 500. Although thedescription of computer-readable media contained herein refers to a massstorage device, such as a solid-state drive, a hard disk or CD-ROMdrive, it should be appreciated by those skilled in the art thatcomputer-readable media can be any available computer storage media orcommunication media that can be accessed by the computer architecture500.

Communication media includes computer readable instructions, datastructures, program modules, or other data in a modulated data signalsuch as a carrier wave or other transport mechanism and includes anydelivery media. The term “modulated data signal” means a signal that hasone or more of its characteristics changed or set in a manner so as toencode information in the signal. By way of example, and not limitation,communication media includes wired media such as a wired network ordirect-wired connection, and wireless media such as acoustic, RF,infrared and other wireless media. Combinations of any of the aboveshould also be included within the scope of computer-readable media.

By way of example, and not limitation, computer storage media mayinclude volatile and non-volatile, removable and non-removable mediaimplemented in any method or technology for storage of information suchas computer-readable instructions, data structures, program modules orother data. For example, computer media includes, but is not limited to,RAM, ROM, EPROM, EEPROM, flash memory or other solid state memorytechnology, CD-ROM, digital versatile disks (“DVD”), HD-DVD, BLU-RAY, orother optical storage, magnetic cassettes, magnetic tape, magnetic diskstorage or other magnetic storage devices, or any other medium which canbe used to store the desired information and which can be accessed bythe computer architecture 500. For purposes the claims, the phrase“computer storage medium,” “computer-readable storage medium” andvariations thereof, does not include waves, signals, and/or othertransitory and/or intangible communication media, per se.

According to various configurations, the computer architecture 500 mayoperate in a networked environment using logical connections to remotecomputers through the network 556 and/or another network (not shown).The computer architecture 500 may connect to the network 556 through anetwork interface unit 514 connected to the bus 510. It should beappreciated that the network interface unit 514 also may be utilized toconnect to other types of networks and remote computer systems. Thecomputer architecture 500 also may include an input/output controller516 for receiving and processing input from a number of other devices,including a keyboard, mouse, game controller, television remote orelectronic stylus (not shown in FIG. 5). Similarly, the input/outputcontroller 516 may provide output to a display screen, a printer, orother type of output device (also not shown in FIG. 5).

It should be appreciated that the software components described hereinmay, when loaded into the CPU 502 and executed, transform the CPU 502and the overall computer architecture 500 from a general-purposecomputing system into a special-purpose computing system customized tofacilitate the functionality presented herein. The CPU 502 may beconstructed from any number of transistors or other discrete circuitelements, which may individually or collectively assume any number ofstates. More specifically, the CPU 502 may operate as a finite-statemachine, in response to executable instructions contained within thesoftware modules disclosed herein. These computer-executableinstructions may transform the CPU 502 by specifying how the CPU 502transitions between states, thereby transforming the transistors orother discrete hardware elements constituting the CPU 502.

Encoding the software modules presented herein also may transform thephysical structure of the computer-readable media presented herein. Thespecific transformation of physical structure may depend on variousfactors, in different implementations of this description. Examples ofsuch factors may include, but are not limited to, the technology used toimplement the computer-readable media, whether the computer-readablemedia is characterized as primary or secondary storage, and the like.For example, if the computer-readable media is implemented assemiconductor-based memory, the software disclosed herein may be encodedon the computer-readable media by transforming the physical state of thesemiconductor memory. For example, the software may transform the stateof transistors, capacitors, or other discrete circuit elementsconstituting the semiconductor memory. The software also may transformthe physical state of such components in order to store data thereupon.

As another example, the computer-readable media disclosed herein may beimplemented using magnetic or optical technology. In suchimplementations, the software presented herein may transform thephysical state of magnetic or optical media, when the software isencoded therein. These transformations may include altering the magneticcharacteristics of particular locations within given magnetic media.These transformations also may include altering the physical features orcharacteristics of particular locations within given optical media, tochange the optical characteristics of those locations. Othertransformations of physical media are possible without departing fromthe scope and spirit of the present description, with the foregoingexamples provided only to facilitate this discussion.

In light of the above, it should be appreciated that many types ofphysical transformations take place in the computer architecture 500 inorder to store and execute the software components presented herein. Italso should be appreciated that the computer architecture 500 mayinclude other types of computing devices, including hand-held computers,embedded computer systems, personal digital assistants, and other typesof computing devices known to those skilled in the art. It is alsocontemplated that the computer architecture 500 may not include all ofthe components shown in FIG. 5, may include other components that arenot explicitly shown in FIG. 5, or may utilize an architecturecompletely different than that shown in FIG. 5.

FIG. 6 depicts an illustrative distributed computing environment 600capable of executing the software components described herein for trustdelegation. Thus, the distributed computing environment 600 illustratedin FIG. 6 can be utilized to execute many aspects of the softwarecomponents presented herein. For example, the distributed computingenvironment 600 can be utilized to execute one or more aspects of thesoftware components described herein.

According to various implementations, the distributed computingenvironment 600 includes a computing environment 602 operating on, incommunication with, or as part of the network 604. The network 604 maybe or may include the network 556, described above. The network 604 alsocan include various access networks. One or more client devices606A-806N (hereinafter referred to collectively and/or generically as“clients 606”) can communicate with the computing environment 602 viathe network 604 and/or other connections (not illustrated in FIG. 6). Inone illustrated configuration, the clients 606 include a computingdevice 606A, such as a laptop computer, a desktop computer, or othercomputing device; a slate or tablet computing device (“tablet computingdevice”) 606B; a mobile computing device 606C such as a mobiletelephone, a smart phone, an on-board computer, or other mobilecomputing device; a server computer 606D; and/or other devices 606N,which can include a hardware security module. It should be understoodthat any number of devices 606 can communicate with the computingenvironment 602. Two example computing architectures for the devices 606are illustrated and described herein with reference to FIGS. 5 and 7. Itshould be understood that the illustrated devices 606 and computingarchitectures illustrated and described herein are illustrative only andshould not be construed as being limited in any way.

In the illustrated configuration, the computing environment 602 includesapplication servers 608, data storage 610, and one or more networkinterfaces 612. According to various implementations, the functionalityof the application servers 608 can be provided by one or more servercomputers that are executing as part of, or in communication with, thenetwork 604. The application servers 608 can host various services,virtual machines, portals, and/or other resources. In the illustratedconfiguration, the application servers 608 host one or more virtualmachines 614 for hosting applications or other functionality. Accordingto various implementations, the virtual machines 614 host one or moreapplications and/or software modules for trust delegation. It should beunderstood that this configuration is illustrative only and should notbe construed as being limiting in any way.

According to various implementations, the application servers 608 alsoinclude one or more authentication services 620, trust stack services622, permission services 624 and workflow management services 625. Theauthentication services 620 can include services for handlingauthentication requests and issuing tokens. The trust stack services 622can include services for maintaining a trust stack indicating the trustdelegation relationships between entities. The permission services 624can include services for managing permissions granted with respect totokens. The workflow management services 625 can includes services fordefining and managing the structure of complex work flows.

As shown in FIG. 6, the application servers 608 also can host otherservices, applications, portals, and/or other resources (“otherresources”) 628. The other resources 628 can include, but are notlimited to, data encryption, data sharing, or any other functionality.

As mentioned above, the computing environment 602 can include datastorage 610. According to various implementations, the functionality ofthe data storage 610 is provided by one or more databases or data storesoperating on, or in communication with, the network 604. Thefunctionality of the data storage 610 also can be provided by one ormore server computers configured to host data for the computingenvironment 602. The data storage 610 can include, host, or provide oneor more real or virtual data stores 626A-826N (hereinafter referred tocollectively and/or generically as “datastores 626”). The datastores 626are configured to host data used or created by the application servers608 and/or other data. Aspects of the datastores 626 may be associatedwith services for a trust delegation. Although not illustrated in FIG.6, the datastores 626 also can host or store web page documents, worddocuments, presentation documents, data structures, algorithms forexecution by a recommendation engine, and/or other data utilized by anyapplication program or another module.

The computing environment 602 can communicate with, or be accessed by,the network interfaces 612. The network interfaces 612 can includevarious types of network hardware and software for supportingcommunications between two or more computing devices including, but notlimited to, mobile client vehicles, the clients 606 and the applicationservers 608. It should be appreciated that the network interfaces 612also may be utilized to connect to other types of networks and/orcomputer systems.

It should be understood that the distributed computing environment 600described herein can provide any aspects of the software elementsdescribed herein with any number of virtual computing resources and/orother distributed computing functionality that can be configured toexecute any aspects of the software components disclosed herein.According to various implementations of the concepts and technologiesdisclosed herein, the distributed computing environment 600 may providethe software functionality described herein as a service to the clientsusing devices 606. It should be understood that the devices 606 caninclude real or virtual machines including, but not limited to, servercomputers, web servers, personal computers, mobile computing devices,smart phones, and/or other devices, which can include user inputdevices. As such, various configurations of the concepts andtechnologies disclosed herein enable any device configured to access thedistributed computing environment 600 to utilize the functionalitydescribed herein for trust delegation, among other aspects.

Turning now to FIG. 7, an illustrative computing device architecture 700for a computing device that is capable of executing various softwarecomponents is described herein for trust delegation. The computingdevice architecture 700 is applicable to computing devices such asmobile clients in vehicles. In some configurations, the computingdevices include, but are not limited to, mobile telephones, on-boardcomputers, tablet devices, slate devices, portable video game devices,traditional desktop computers, portable computers (e.g., laptops,notebooks, ultra-portables, and netbooks), server computers, gameconsoles, and other computer systems. The computing device architecture700 is applicable to the client device 110 and client/servers 120A-Cshown in FIGS. 1, 2A-C, and computing device 606A-N shown in FIG. 6.

The computing device architecture 700 illustrated in FIG. 7 includes aprocessor 702, memory components 704, network connectivity components706, sensor components 708, input/output components 710, and powercomponents 712. In the illustrated configuration, the processor 702 isin communication with the memory components 704, the networkconnectivity components 706, the sensor components 708, the input/output(“I/O”) components 710, and the power components 712. Although noconnections are shown between the individual components illustrated inFIG. 7, the components can interact to carry out device functions. Insome configurations, the components are arranged so as to communicatevia one or more busses (not shown).

The processor 702 includes a central processing unit (“CPU”) configuredto process data, execute computer-executable instructions of one or moreapplication programs, and communicate with other components of thecomputing device architecture 700 in order to perform variousfunctionality described herein. The processor 702 may be utilized toexecute aspects of the software components presented herein and,particularly, those that utilize, at least in part, secure data.

In some configurations, the processor 702 includes a graphics processingunit (“GPU”) configured to accelerate operations performed by the CPU,including, but not limited to, operations performed by executing securecomputing applications, general-purpose scientific and/or engineeringcomputing applications, as well as graphics-intensive computingapplications such as high resolution video (e.g., 620P, 1080P, andhigher resolution), video games, three-dimensional (“3D”) modelingapplications, and the like. In some configurations, the processor 702 isconfigured to communicate with a discrete GPU (not shown). In any case,the CPU and GPU may be configured in accordance with a co-processingCPU/GPU computing model, wherein a sequential part of an applicationexecutes on the CPU and a computationally-intensive part is acceleratedby the GPU.

In some configurations, the processor 702 is, or is included in, asystem-on-chip (“SoC”) along with one or more of the other componentsdescribed herein below. For example, the SoC may include the processor702, a GPU, one or more of the network connectivity components 706, andone or more of the sensor components 708. In some configurations, theprocessor 702 is fabricated, in part, utilizing a package-on-package(“PoP”) integrated circuit packaging technique. The processor 702 may bea single core or multi-core processor.

The processor 702 may be created in accordance with an ARM architecture,available for license from ARM HOLDINGS of Cambridge, United Kingdom.Alternatively, the processor 702 may be created in accordance with anx86 architecture, such as is available from INTEL CORPORATION ofMountain View, Calif. and others. In some configurations, the processor702 is a SNAPDRAGON SoC, available from QUALCOMM of San Diego, Calif., aTEGRA SoC, available from NVIDIA of Santa Clara, Calif., a HUMMINGBIRDSoC, available from SAMSUNG of Seoul, South Korea, an Open MultimediaApplication Platform (“OMAP”) SoC, available from TEXAS INSTRUMENTS ofDallas, Tex., a customized version of any of the above SoCs, or aproprietary SoC.

The memory components 704 include a random access memory (“RAM”) 714, aread-only memory (“ROM”) 716, an integrated storage memory (“integratedstorage”) 718, and a removable storage memory (“removable storage”) 720.In some configurations, the RAM 714 or a portion thereof, the ROM 716 ora portion thereof, and/or some combination of the RAM 714 and the ROM716 is integrated in the processor 702. In some configurations, the ROM716 is configured to store a firmware, an operating system or a portionthereof (e.g., operating system kernel), and/or a bootloader to load anoperating system kernel from the integrated storage 718 and/or theremovable storage 720.

The integrated storage 718 can include a solid-state memory, a harddisk, or a combination of solid-state memory and a hard disk. Theintegrated storage 718 may be soldered or otherwise connected to a logicboard upon which the processor 702 and other components described hereinalso may be connected. As such, the integrated storage 718 is integratedin the computing device. The integrated storage 718 is configured tostore an operating system or portions thereof, application programs,data, and other software components described herein.

The removable storage 720 can include a solid-state memory, a hard disk,or a combination of solid-state memory and a hard disk. In someconfigurations, the removable storage 720 is provided in lieu of theintegrated storage 718. In other configurations, the removable storage720 is provided as additional optional storage. In some configurations,the removable storage 720 is logically combined with the integratedstorage 718 such that the total available storage is made available as atotal combined storage capacity. In some configurations, the totalcombined capacity of the integrated storage 718 and the removablestorage 720 is shown to a user instead of separate storage capacitiesfor the integrated storage 718 and the removable storage 720.

The removable storage 720 is configured to be inserted into a removablestorage memory slot (not shown) or other mechanism by which theremovable storage 720 is inserted and secured to facilitate a connectionover which the removable storage 720 can communicate with othercomponents of the computing device, such as the processor 702. Theremovable storage 720 may be embodied in various memory card formatsincluding, but not limited to, PC card, CompactFlash card, memory stick,secure digital (“SD”), miniSD, microSD, universal integrated circuitcard (“UICC”) (e.g., a subscriber identity module (“SIM”) or universalSIM (“USIM”)), a proprietary format, or the like.

It can be understood that one or more of the memory components 704 canstore an operating system. According to various configurations, theoperating system may include, but is not limited to, server operatingsystems such as various forms of UNIX certified by The Open Group andLINUX certified by the Free Software Foundation, or aspects ofSoftware-as-a-Service (SaaS) architectures, such as MICROSFT AZURE fromMicrosoft Corporation of Redmond, Wash. or AWS from Amazon Corporationof Seattle, Wash. The operating system may also include WINDOWS MOBILEOS from Microsoft Corporation of Redmond, Wash., WINDOWS PHONE OS fromMicrosoft Corporation, WINDOWS from Microsoft Corporation, MAC OS or IOSfrom Apple Inc. of Cupertino, Calif., and ANDROID OS from Google Inc. ofMountain View, Calif. Other operating systems are contemplated.

The network connectivity components 706 include a wireless wide areanetwork component (“WWAN component”) 722, a wireless local area networkcomponent (“WLAN component”) 724, and a wireless personal area networkcomponent (“WPAN component”) 726. The network connectivity components706 facilitate communications to and from the network 756 or anothernetwork, which may be a WWAN, a WLAN, or a WPAN. Although only thenetwork 756 is illustrated, the network connectivity components 706 mayfacilitate simultaneous communication with multiple networks, includingthe network 756 of FIG. 7. For example, the network connectivitycomponents 706 may facilitate simultaneous communications with multiplenetworks via one or more of a WWAN, a WLAN, or a WPAN.

The network 756 may be or may include a WWAN, such as a mobiletelecommunications network utilizing one or more mobiletelecommunications technologies to provide voice and/or data services toa computing device utilizing the computing device architecture 700 viathe WWAN component 722. The mobile telecommunications technologies caninclude, but are not limited to, Global System for Mobile communications(“GSM”), Code Division Multiple Access (“CDMA”) ONE, CDMA7000, UniversalMobile Telecommunications System (“UMTS”), Long Term Evolution (“LTE”),and Worldwide Interoperability for Microwave Access (“WiMAX”). Moreover,the network 756 may utilize various channel access methods (which may ormay not be used by the aforementioned standards) including, but notlimited to, Time Division Multiple Access (“TDMA”), Frequency DivisionMultiple Access (“FDMA”), CDMA, wideband CDMA (“W-CDMA”), OrthogonalFrequency Division Multiplexing (“OFDM”), Space Division Multiple Access(“SDMA”), and the like. Data communications may be provided usingGeneral Packet Radio Service (“GPRS”), Enhanced Data rates for GlobalEvolution (“EDGE”), the High-Speed Packet Access (“HSPA”) protocolfamily including High-Speed Downlink Packet Access (“HSDPA”), EnhancedUplink (“EUL”) or otherwise termed High-Speed Uplink Packet Access(“HSUPA”), Evolved HSPA (“HSPA+”), LTE, and various other current andfuture wireless data access standards. The network 756 may be configuredto provide voice and/or data communications with any combination of theabove technologies. The network 756 may be configured to or be adaptedto provide voice and/or data communications in accordance with futuregeneration technologies.

In some configurations, the WWAN component 722 is configured to providedual-multi-mode connectivity to the network 756. For example, the WWANcomponent 722 may be configured to provide connectivity to the network756, wherein the network 756 provides service via GSM and UMTStechnologies, or via some other combination of technologies.Alternatively, multiple WWAN components 722 may be utilized to performsuch functionality, and/or provide additional functionality to supportother non-compatible technologies (i.e., incapable of being supported bya single WWAN component). The WWAN component 722 may facilitate similarconnectivity to multiple networks (e.g., a UMTS network and an LTEnetwork).

The network 756 may be a WLAN operating in accordance with one or moreInstitute of Electrical and Electronic Engineers (“IEEE”) 602.11standards, such as IEEE 602.11a, 602.11b, 602.11g, 602.11n, and/orfuture 602.11 standard (referred to herein collectively as WI-FI). Draft602.11 standards are also contemplated. In some configurations, the WLANis implemented utilizing one or more wireless WI-FI access points. Insome configurations, one or more of the wireless WI-FI access points areanother computing device with connectivity to a WWAN that arefunctioning as a WI-FI hotspot. The WLAN component 724 is configured toconnect to the network 756 via the WI-FI access points. Such connectionsmay be secured via various encryption technologies including, but notlimited to, WI-FI Protected Access (“WPA”), WPA2, Wired EquivalentPrivacy (“WEP”), and the like.

The network 756 may be a WPAN operating in accordance with Infrared DataAssociation (“IrDA”), BLUETOOTH, wireless Universal Serial Bus (“USB”),Z-Wave, ZIGBEE, or some other short-range wireless technology. In someconfigurations, the WPAN component 726 is configured to facilitatecommunications with other devices, such as peripherals, computers, orother computing devices via the WPAN.

The sensor components 708 include a magnetometer 728, an ambient lightsensor 730, a proximity sensor 732, an accelerometer 734, a gyroscope736, and a Global Positioning System sensor (“GPS sensor”) 738. It iscontemplated that other sensors, such as, but not limited to,temperature sensors or shock detection sensors, also may be incorporatedin the computing device architecture 700.

The I/O components 710 include a display 740, a touchscreen 742, a dataI/O interface component (“data I/O”) 744, an audio I/O interfacecomponent (“audio I/O”) 746, a video I/O interface component (“videoI/O”) 748, and a camera 750. In some configurations, the display 740 andthe touchscreen 742 are combined. In some configurations two or more ofthe data I/O component 744, the audio I/O component 746, and the videoI/O component 748 are combined. The I/O components 710 may includediscrete processors configured to support the various interfacesdescribed below or may include processing functionality built-in to theprocessor 702.

The illustrated power components 712 include one or more batteries 752,which can be connected to a battery gauge 754. The batteries 752 may berechargeable or disposable. Rechargeable battery types include, but arenot limited to, lithium polymer, lithium ion, nickel cadmium, and nickelmetal hydride. Each of the batteries 752 may be made of one or morecells.

The power components 712 may also include a power connector, which maybe combined with one or more of the aforementioned I/O components 710.The power components 712 may interface with an external power system orcharging equipment via an I/O component.

In closing, although the various configurations have been described inlanguage specific to structural features and/or methodological acts, itis to be understood that the subject matter defined in the appendedrepresentations is not necessarily limited to the specific features oracts described. Rather, the specific features and acts are disclosed asexample forms of implementing the claimed subject matter.

The present disclosure is made in light of the following clauses:

Clause 1. A computer-implemented authorization delegation method forextension of OAuth multiple actor delegation, the method comprising:receiving a first authorization request from a subject client;responding to the first authorization by sending a first token having afirst set of permissions to the subject client; receiving a secondauthorization request from a first partner actor, the secondauthorization request including the first token; responding to thesecond authorization request by: linking the first partner actor to thesubject client in a trust stack pertaining to the subject client, andsending a second token to the first actor partner with a second set ofpermissions, where the second token comprises a first complex token thatidentifies the subject client and the first partner actor; receiving athird authorization request from a second partner actor, the thirdauthorization request including the second token; responding to thethird authorization request by: linking the second partner actor to thefirst partner actor in the trust stack, and sending a third token to thesecond actor partner with a third set of permissions, where the thirdtoken comprises a second complex token that identifies the first partneractor and the second partner actor.

Clause 2. The method of Clause 1, the method including: receiving anaccess request to a resource from the second partner actor, the accessrequest including the third token; and granting access to the resourcebased on the third set of permissions.

Clause 3. The method of Clause 2, the method including: determining thesecond set of permissions based on either a union or intersection ofpermissions for the subject client and permissions for the first partneractor.

Clause 4. The method of Clause 3, the method including: determining thethird set of permissions based on either a union or intersection ofpermissions for the subject client, permissions for the first partneractor, and permissions for the third partner actor.

Clause 5. The method of Clause 1, where the authorization delegationpertains to a financial transaction and: the first partner actor is notconfigured for compliance with a standard for secure handling ofcustomer financial data; and the second partner actor is configured forcompliance with the standard for secure handling of customer financialdata.

Clause 6. The method of Clause 1, where: the subject client comprises anend user; the first partner actor comprises a service provider to theend user; and the second partner actor comprises a subcontractor to thefirst partner.

Clause 7. The method of Clause 6, where: the second partner actor isconfigured to provide one or more of shipping, packaging, warehousingand insurance to the first partner.

Clause 8. A system for trust delegation, the system comprising: one ormore processors; and one or more memory devices in communication withthe one or more processors, the memory devices having computer-readableinstructions stored thereupon that, when executed by the processors,cause the processors to: receive a first authorization request from asubject client; respond to the first authorization by sending a firsttoken having a first set of permissions to the subject client; receive asecond authorization request from a first partner actor, the secondauthorization request including the first token; respond to the secondauthorization request by: linking the first partner actor to the subjectclient in a trust stack pertaining to the subject client, and sending asecond token to the first actor partner with a second set ofpermissions, where the second token comprises a first complex token thatidentifies the subject client and the first partner actor; receive athird authorization request from a second partner actor, the thirdauthorization request including the second token; respond to the thirdauthorization request by: linking the second partner actor to the firstpartner actor in the trust stack, and sending a third token to thesecond actor partner with a third set of permissions, where the thirdtoken comprises a second complex token that identifies the first partneractor and the second partner actor.

Clause 9. The system of Clause 8, the system including storedinstructions that, when executed by the processors, cause the processorsto: receive an access request to a resource from the second partneractor, the access request including the third token; and grant access tothe resource based on the third set of permissions.

Clause 10. The system of Clause 9, the system including storedinstructions that, when executed by the processors, cause the processorsto: determine the second set of permissions based on either a union orintersection of permissions for the subject client and permissions forthe first partner actor

Clause 11. The system of Clause 10, the system including storedinstructions that, when executed by the processors, cause the processorsto: determine the third set of permissions based on either a union orintersection of permissions for the subject client, permissions for thefirst partner actor, and permissions for the third partner actor.

Clause 12. The system of Clause 8, where the authorization delegationpertains to a financial transaction and: the first partner actor is notconfigured to comply with a standard for secure handling of customerfinancial data; and the second partner actor is configured to complywith the standard for secure handling of customer financial data.

Clause 13. The method of Clause 8, where: the subject client comprisesan end user; the first partner actor comprises a service provider to theend user; and the second partner actor comprises a subcontractor to thefirst partner.

Clause 14. The system of Clause 13, where: the second partner actor isconfigured to provide one or more of shipping, packaging, warehousingand insurance to the first partner.

Clause 15. A computer storage medium having computer executableinstructions stored thereon which, when executed by one or moreprocessors, cause the processors to execute an authorization delegationmethod for extension of OAuth multiple actor delegation, the methodcomprising: receiving a first authorization request from a subjectclient; responding to the first authorization by sending a first tokenhaving a first set of permissions to the subject client; receiving asecond authorization request from a first partner actor, the secondauthorization request including the first token; responding to thesecond authorization request by: linking the first partner actor to thesubject client in a trust stack pertaining to the subject client, andsending a second token to the first actor partner with a second set ofpermissions, where the second token comprises a first complex token thatidentifies the subject client and the first partner actor; receiving athird authorization request from a second partner actor, the thirdauthorization request including the second token; responding to thethird authorization request by: linking the second partner actor to thefirst partner actor in the trust stack, and sending a third token to thesecond actor partner with a third set of permissions, where the thirdtoken comprises a second complex token that identifies the first partneractor and the second partner actor.

Clause 16. The computer storage medium of Clause 15, the methodincluding: receiving an access request to a resource from the secondpartner actor, the access request including the third token; andgranting access to the resource based on the third set of permissions.

Clause 17. The computer storage medium of Clause 16, the methodincluding: determining the second set of permissions based on either aunion or intersection of permissions for the subject client andpermissions for the first partner actor.

Clause 18. The computer storage medium of Clause 17, the methodincluding: determining the third set of permissions based on either aunion or intersection of permissions for the subject client, permissionsfor the first partner actor, and permissions for the third partneractor.

Clause 19. The computer storage medium of Clause 15, where theauthorization delegation pertains to a financial transaction and: thefirst partner actor is not configured for compliance with a standard forsecure handling of customer financial data; and the second partner actoris configured for compliance with the standard for secure handling ofcustomer financial data.

Clause 20. The computer storage medium of Clause 15, where: the subjectclient comprises an end user; the first partner actor comprises aservice provider to the end user; and the second partner actor comprisesa subcontractor to the first partner.

Clause 21. The computer storage medium of Clause 15, where: the subjectclient comprises an end user; the first partner actor comprises aservice provider to the end user; and the second partner actor comprisesa subcontractor to the first partner, where the second partner actor isconfigured to provide one or more of shipping, packaging, warehousingand insurance to the first partner.

What is claimed is:
 1. A computer-implemented authorization delegationmethod for extension of OAuth multiple actor delegation, the methodcomprising: receiving a first authorization request from a subjectclient; responding to the first authorization by sending a first tokenhaving a first set of permissions to the subject client; receiving asecond authorization request from a first partner actor, the secondauthorization request including the first token; responding to thesecond authorization request by: linking the first partner actor to thesubject client in a trust stack pertaining to the subject client, andsending a second token to the first actor partner with a second set ofpermissions, where the second token comprises a first complex token thatidentifies the subject client and the first partner actor; receiving athird authorization request from a second partner actor, the thirdauthorization request including the second token; responding to thethird authorization request by: linking the second partner actor to thefirst partner actor in the trust stack, and sending a third token to thesecond actor partner with a third set of permissions, where the thirdtoken comprises a second complex token that identifies the first partneractor and the second partner actor and where: the subject clientcomprises an end user; the first partner actor comprises a serviceprovider to the end user; and the second partner actor comprises asubcontractor to the first partner.
 2. The method of claim 1, the methodincluding: receiving an access request to a resource from the secondpartner actor, the access request including the third token; andgranting access to the resource based on the third set of permissions.3. The method of claim 2, the method including: determining the secondset of permissions based on either a union or intersection ofpermissions for the subject client and permissions for the first partneractor.
 4. The method of claim 3, the method including: determining thethird set of permissions based on either a union or intersection ofpermissions for the subject client, permissions for the first partneractor, and permissions for the third partner actor.
 5. The method ofclaim 1, where the authorization delegation pertains to a financialtransaction and: the first partner actor is not configured forcompliance with a standard for secure handling of customer financialdata; and the second partner actor is configured for compliance with thestandard for secure handling of customer financial data.
 6. The methodof claim 1, where: the second partner actor is configured to provide oneor more of shipping, packaging, warehousing and insurance to the firstpartner.
 7. A system for trust delegation, the system comprising: one ormore processors; and one or more memory devices in communication withthe one or more processors, the memory devices having computer-readableinstructions stored thereupon that, when executed by the processors,cause the processors to: receive a first authorization request from asubject client; respond to the first authorization by sending a firsttoken having a first set of permissions to the subject client; receive asecond authorization request from a first partner actor, the secondauthorization request including the first token; respond to the secondauthorization request by: linking the first partner actor to the subjectclient in a trust stack pertaining to the subject client, and sending asecond token to the first actor partner with a second set ofpermissions, where the second token comprises a first complex token thatidentifies the subject client and the first partner actor; receive athird authorization request from a second partner actor, the thirdauthorization request including the second token; respond to the thirdauthorization request by: linking the second partner actor to the firstpartner actor in the trust stack, and sending a third token to thesecond actor partner with a third set of permissions, where the thirdtoken comprises a second complex token that identifies the first partneractor and the second partner actor and where: the subject clientcomprises an end user; the first partner actor comprises a serviceprovider to the end user; and the second partner actor comprises asubcontractor to the first partner.
 8. The system of claim 7, the systemincluding stored instructions that, when executed by the processors,cause the processors to: receive an access request to a resource fromthe second partner actor, the access request including the third token;and grant access to the resource based on the third set of permissions.9. The system of claim 8, the system including stored instructions that,when executed by the processors, cause the processors to: determine thesecond set of permissions based on either a union or intersection ofpermissions for the subject client and permissions for the first partneractor.
 10. The system of claim 9, the system including storedinstructions that, when executed by the processors, cause the processorsto: determine the third set of permissions based on either a union orintersection of permissions for the subject client, permissions for thefirst partner actor, and permissions for the third partner actor. 11.The system of claim 7, where the authorization delegation pertains to afinancial transaction and: the first partner actor is not configured tocomply with a standard for secure handling of customer financial data;and the second partner actor is configured to comply with the standardfor secure handling of customer financial data.
 12. The system of claim7, where: the second partner actor is configured to provide one or moreof shipping, packaging, warehousing and insurance to the first partner.13. A computer storage medium having computer executable instructionsstored thereon which, when executed by one or more processors, cause theprocessors to execute an authorization delegation method for extensionof OAuth multiple actor delegation, the method comprising: receiving afirst authorization request from a subject client; responding to thefirst authorization by sending a first token having a first set ofpermissions to the subject client; receiving a second authorizationrequest from a first partner actor, the second authorization requestincluding the first token; responding to the second authorizationrequest by: linking the first partner actor to the subject client in atrust stack pertaining to the subject client, and sending a second tokento the first actor partner with a second set of permissions, where thesecond token comprises a first complex token that identifies the subjectclient and the first partner actor; receiving a third authorizationrequest from a second partner actor, the third authorization requestincluding the second token; responding to the third authorizationrequest by: linking the second partner actor to the first partner actorin the trust stack, and sending a third token to the second actorpartner with a third set of permissions, where the third token comprisesa second complex token that identifies the first partner actor and thesecond partner actor and where: the subject client comprises an enduser; the first partner actor comprises a service provider to the enduser; and the second partner actor comprises a subcontractor to thefirst partner.
 14. The computer storage medium of claim 13, the methodincluding: receiving an access request to a resource from the secondpartner actor, the access request including the third token; andgranting access to the resource based on the third set of permissions.15. The computer storage medium of claim 14, the method including:determining the second set of permissions based on either a union orintersection of permissions for the subject client and permissions forthe first partner actor.
 16. The computer storage medium of claim 15,the method including: determining the third set of permissions based oneither a union or intersection of permissions for the subject client,permissions for the first partner actor, and permissions for the thirdpartner actor.
 17. The computer storage medium of claim 13, where theauthorization delegation pertains to a financial transaction and: thefirst partner actor is not configured for compliance with a standard forsecure handling of customer financial data; and the second partner actoris configured for compliance with the standard for secure handling ofcustomer financial data.